[PEAK] peak.security

John Landahl john at landahl.org
Tue Oct 21 17:03:14 EDT 2003

Again for another "off topic" topic...

peak.security looks very promising, but I haven't quite been able to wrap 
my head around it yet from just the unit tests.  Are any examples of its 
use planned?

What I'm hoping to do is secure object interactions at the method and 
attribute level, so that one object accessing another on behalf of a user 
will encounter exceptions where the user is not permitted access.  More 
specifically, a Twisted Perspective object P will attempt to access a PEAK 
component C on behalf of a remote user U who belongs to a "role" R (our 
idea of a "role" seems to match up with security.Permission).  If C's 
method M1 does not allow role R, then P calling C.M1 should generate an 

Using peak.security, how would I disallow R or U from calling C.M1?  Would 
I call C.M1 normally from P (and get the exception as expected), or would 
accessing C's attributes/methods have to go through some sort of accessor 
function?  How would I define that U and R are the active permissions when 
making the method call attempt?

More information about the PEAK mailing list